howtos:network_services:tunnel_interfaces [2013/02/11 01:11 (UTC)] – [Sources] ricky_cardo
howtos:network_services:tunnel_interfaces [2020/06/25 13:38 (UTC)] – [Results] ricky_cardo
Line 1: Line 1:
-<!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> 
 ====== Tunnel Interfaces ====== ====== Tunnel Interfaces ======
 If you are looking to establish an SSH tunnel between two networks and treat the tunnel as an interface, this may help. If you are looking to establish an SSH tunnel between two networks and treat the tunnel as an interface, this may help.
  
-  * First I would recommend enabling rc.ip_forward in /etc/rc.d/ (on local and target machines) +  * First I would recommend enabling rc.ip_forward in /etc/rc.d/ (on local and target machines) <code bash> 
-<note tip>chmod +x /etc/rc.d/rc.ip_forward</note> +root@darkstar:~# chmod +x /etc/rc.d/rc.ip_forward 
-or for a temporary (loose at reboot) way use +</code> or for a temporary (lose at reboot) way use <code bash> 
-<note tip>echo "1" > /proc/sys/net/ipv4/ip_forward</note+root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward 
- +</code
-  * Next I'm using autossh found at slackbuilds.org The below script requires it. +  * Almost forgot you will need to enable tunneling in /etc/ssh/sshd_conf.  Find this part //#PermitTunnel no// uncomment and change to yes (on the target machine) you can use vi to edit or try the below code:<code bash> 
-  * You will also want to have non-interactive ssh connections set up.  Meaning authorized_keys setup with public/private keys. +root@darkstar:~# /usr/bin/sudo /bin/sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d'
-  * Also assuming you have sudo privledges and user on the remote machine (with NOPASSWD: ALL option)  +`\ by\ `/bin/whoami`/" -i.stock_slackware-`/bin/awk '{print $2}' /etc/slackware-version` /etc/ssh/sshd_config</code>  
-  * Next I'm using a little bash script which I will explain after peeking at it. +  * Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is an alternate method mentioned at the bottomReplace line 20.) 
-<file bash rc.tunnel>#!/bin/bash+  * You will also want to have non-interactive ssh connections set up.  Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]]  
 +  * Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers''\\ Example: as root type "''visudo''" and add your user like this <code bash> 
 +rich ALL=(ALL) NOPASSWD: ALL 
 +</code> 
 +  * Next I'm using a simple bash script which I will explain after peeking at it. <file bash rc.tunnel> 
 +#!/bin/bash
  
 ########################################################### ###########################################################
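Review bot: the sudoers example added in this hunk, `rich ALL=(ALL) NOPASSWD: ALL`, gives the tunnel user unrestricted passwordless root on the target, while the rc.tunnel script that follows only needs `/sbin/modprobe tun`, `/sbin/ifconfig tun0 ...` and the three `/usr/sbin/iptables` rules; listing those commands in the sudoers entry instead of `ALL` keeps the same script working with far less exposure. Two smaller points: the new "enable tunneling" bullet names the file as /etc/ssh/sshd_conf while the sed command (correctly) edits /etc/ssh/sshd_config, and the ip_forward code block closes with `</code` missing its `>`, so check that the saved page renders; "at the bottomReplace line 20." also lost a space and is a line-number reference that will drift as the script is edited.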
Line 20: Line 24:
 # #
 target=74.79.121.210 target=74.79.121.210
 +port=22
 # #
 +###########################################################
 +# suggestions contact rich at lehcar.duckdns.org
 +# with thanks to Billy T (for idea and assistance)
 ########################################################### ###########################################################
 #load module #load module
 /usr/bin/sudo /sbin/modprobe tun /usr/bin/sudo /sbin/modprobe tun
 #load remote module #load remote module
-/usr/bin/ssh $target "/usr/bin/sudo /sbin/modprobe tun" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/modprobe tun" 
-sleep 1+/bin/sleep 1
  
-/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true+/usr/bin/sudo /usr/bin/autossh -p $port -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true
 /bin/sleep 4 /bin/sleep 4
-/usr/bin/ssh $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"+/usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"
 /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3
 /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun1 -m state --state RELATED,ESTABLISHED -j ACCEPT+/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
  
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" 
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" 
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT"
  
 </file> </file>
  
-To direct traffic over the tunnel try: +  * To direct traffic over the tunnel try: <code bash> 
-<note tip>sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0</note>+user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 
 +</code> 
 + 
 +  * To substitute normal ssh rather than autossh substitute this line below for the one with autossh (line 20)<code bash> 
 +/usr/bin/sudo /usr/bin/ssh -p $port -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true 
 +</code> 
 + 
 +To recap some of the options:  "''-fw 0:0''" forks the ssh process to the background / opens a tunnel and "''0:0''" picks the local and remote interfaces (ie tun0 and tun0). The "''-o''" options are used to specify parameters for openSSH.    
 + 
 +==== Results ==== 
 + 
 +Now you can access the remote computer using "''192.168.5.2''" and your communications will go through the ssh tunnel.  In the above script you may wish to modify the network and mask to fit your needs. I chose "''192.168.5''" but your configuration will likely be different. 
 + 
 +I'm not going to be able to elaborate on the iptables rules still a little green there, but they work.
  
 +Here are a couple usage examples.  Directing traffic to the tunnel interface.  first example 10.10.132.0-255 second just 10.10.182.15 
 +**/sbin/route add -net 10.10.132.0 netmask 255.255.255.0 dev tun0**
 +**/sbin/route add -net 10.10.182.15 netmask 255.255.255.255 dev tun0**
 ====== Sources ====== ====== Sources ======
 <!-- If you are copying information from another source, then specify that source --> <!-- If you are copying information from another source, then specify that source -->
 <!-- * Original source: [[http://some.website.org/some/page.html]] --> <!-- * Original source: [[http://some.website.org/some/page.html]] -->
 <!-- Authors are allowed to give credit to themselves! --> <!-- Authors are allowed to give credit to themselves! -->
-<!-- * Originally written by [[wiki:user:xxx User X]] -->+  * Originally written by [[wiki:user:ricky_cardo ricky_cardo]] 
 <!-- * Contributions by [[wiki:user:yyy | User Y]] --> <!-- * Contributions by [[wiki:user:yyy | User Y]] -->
  
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
-<!-- You must remove the tag-word "template" below before saving your new page --> +{{tag>howtos tunnel tun0 author_ricky_cardo}}
-{{tag>howtos tunnel tun0 for_review}}+
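Review bot: the "substitute this line below for the one with autossh (line 20)" bullet points at the script by line number, but this same hunk inserts `port=22` and three comment lines above the autossh line, so the reference is fragile; name the line by content ("the line beginning `/usr/bin/sudo /usr/bin/autossh`") instead. The `-o tun1` to `-o tun0` correction in the local FORWARD rule is right. Worth a second look: the MASQUERADE and FORWARD rules on both hosts are not limited to the tunnel network, so adding `-s 192.168.5.0/30` to the POSTROUTING rule (and to the `-i tun0 -o eth0` FORWARD rule) would keep the NAT from applying to anything else forwarded out eth0. Finally, the two `route add` usage examples at the end are bold text rather than a `<code bash>` block like the other commands on the page.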